Google Hackers Traced to Chinese Schools

Cited: New York Times

According to the people involved in the investigation of the hacker attacks on Google and dozens of medical rations, the hackers been traced to two educational institutions in China. One of these schools supposedly has ties to the Chinese military.

They also said the attacks, aimed at stealing trade secrets and computer codes and capturing e-mail of Chinese human rights activists, may have begun as early as April, months earlier than previously believed. Google announced on Jan. 12 that it and other companies had been subjected to sophisticated attacks that probably came from China.

Computer security experts, including investigators from the National Security Agency, have been working since then to pinpoint the source of the attacks. Until recently, the trail had led only to servers in Taiwan.

If supported by further investigation, the findings raise as many questions as they answer, including the possibility that some of the attacks came from China but not necessarily from the Chinese government, or even from Chinese sources.

Tracing the attacks further back, to an elite Chinese university and a vocational school, is a breakthrough in a difficult task. Evidence acquired by a United States military contractor that faced the same attacks as Google has even led investigators to suspect a link to a specific computer science class, taught by a Ukrainian professor at the vocational school.

The revelations were shared by the contractor at a meeting of computer security specialists.

The Chinese schools involved are Shanghai Jiaotong University and the Lanxiang Vocational School, according to several people with knowledge of the investigation who asked for anonymity because they were not authorized to discuss the inquiry.

Jiaotong has one of China’s top computer science programs. Just a few weeks ago its students won an international computer programming competition organized by I.B.M. — the “Battle of the Brains” — beating out Stanford and other top-flight universities.

Lanxiang, in east China’s Shandong Province, is a huge vocational school that was established with military support and trains some computer scientists for the military. The school’s computer network is operated by a company with close ties to Baidu, the dominant search engine in China and a competitor of Google.

Within the computer security industry and the Obama administration, analysts differ over how to interpret the finding that the intrusions appear to come from schools instead of Chinese military installations or government agencies. Some analysts have privately circulated a document asserting that the vocational school is being used as camouflage for government operations. But other computer industry executives and former government officials said it was possible that the schools were cover for a “false flag” intelligence operation being run by a third country. Some have also speculated that the hacking could be a giant example of criminal industrial espionage, aimed at stealing intellectual property from American technology firms.

Independent researchers who monitor Chinese information warfare caution that the Chinese have adopted a highly distributed approach to online espionage, making it almost impossible to prove where an attack originated.

“We have to understand that they have a different model for computer network exploit operations,” said James C. Mulvenon, a Chinese military specialist and a director at the Center for Intelligence Research and Analysis in Washington. Rather than tightly compartmentalizing online espionage within agencies as the United States does, he said, the Chinese government often involves volunteer “patriotic hackers” to support its policies.

Spokesmen for the Chinese schools said they had not heard that American investigators had traced the Google attacks to their campuses.

If it is true, “We’ll alert relative departments and start our own investigation,” said Liu Yuxiang, head of the propaganda department of the party committee at Jiaotong University in Shanghai.

But when asked about the possibility, a leading professor in Jiaotong’s School of Information Security Engineering said in a telephone interview: “I’m not surprised. Actually, students’ hacking into foreign Web sites is quite normal.” The professor, who teaches Web security, asked not to be named for fear of reprisal.

“I believe there are two kinds of situations,” the professor continued. “One is it’s a completely individual act of wrongdoing, done by one or two geek students in the school who are just keen on experimenting with their hacking skills learned from the school, since the sources in the school and network are so limited. Or it could be that one of the university’s I.P. addresses was hijacked by others, which frequently happens.”

At Lanxiang Vocational, officials said they had not heard about any possible link to the school and declined to say if a Ukrainian professor taught computer science there.

‘I think it’s impossible for our students’

A man named Mr. Shao, who said he was dean of the computer science department at Lanxiang but refused to give his first name, said, “I think it’s impossible for our students to hack Google or other U.S. companies because they are just high school graduates and not at an advanced level. Also, because our school adopts close management, outsiders cannot easily come into our school.”

Mr. Shao acknowledged that every year four or five students from his computer science department were recruited into the military.

Google’s decision to step forward and challenge China over the intrusions has created a highly sensitive issue for the United States government. Shortly after the company went public with its accusations, Secretary of State Hillary Rodham Clinton challenged the Chinese in a speech on Internet censors, suggesting that the country’s efforts to control open access to the Internet were in effect an information-age Berlin Wall.

Those are just getting started in business in New York . . . You can get small business New York computer support services that include computer management services, computer network support, network management and more. If you’re not sure where you need to set up a computer system you can even get New York IT consulting services to help you make that decision.

A report on Chinese online warfare prepared for the U.S.-China Economic Security Review Commission in October 2009 by Northrup Grumman identified six regions in China with military efforts to engage in such attacks. Jinan, site of the vocational school, was one of the regions.

Executives at Google have said little about the intrusions and would not comment for this article. But the company has contacted computer security specialists to confirm what has been reported by other targeted companies: access to the companies’ servers was gained by exploiting a previously unknown flaw in Microsoft’s Internet Explorer Web browser.

Forensic analysis is yielding new details of how the intruders took advantage of the flaw to gain access to internal corporate servers. They did this by using a clever technique — called man-in-the-mailbox — to exploit the natural trust shared by people who work together in organizations.

After taking over one computer, intruders insert into an e-mail conversation a message containing a digital attachment carrying malware that is highly likely to be opened by the second victim. The attached malware makes it possible for the intruders to take over the target computer.

The recent invasions of the computer systems of Google and several dozen other American companies have placed a spotlight on the dismal state of American computer security. Many American corporations take a reactive approach to attacks and are dependent on off-the-shelf antivirus products.

It is believed that a Chinese man with government links wrote a key part of a spyware program that was used by hackers on Google and other corporations last year according to US government analysts in the Financial Times on February 22. The report did not say how analysts knew about the man’s government ties.

The allegations over the spyware are the latest episode in a dispute that has pitted Google and the United States against China, with its wall of Internet controls and legions of hackers.

Google has threatened to pull back from China and shut its Google.cn Chinese-language portal over complaints of censorship and sophisticated hacking from within China. Washington has backed those criticisms and urged Beijing to investigate hacking complaints thoroughly and transparently. Beijing has said it opposes hacking.

The Financial Times report also quoted unnamed sources backing a New York Times report that analysts had traced the online attacks to two Chinese educational institutions, the prestigious Shanghai Jiaotong University and the Lanxiang vocational school.

The two establishments have denied the reports. And the allegation that the latter, a high-school level institute that also trains hairdressers, chefs and car mechanics, could take on one of the world’s most powerful Internet firms, have been widely mocked in Chinese cyberspace.

“How can these future cooks be such powerful hackers?” a web user from Zhejiang province said on the portal www.163.com. The use of the school’s IP address could simply mean that hackers had taken over its computers to hide their tracks.

But Lanxiang’s website also claims to have the “biggest” computer laboratory in the world, a boast it says is confirmed by Guinness World Records.

The prestigious Shanghai Jiaotong University and the previously little-known Lanxiang vocational college, a high-school level institution, have both denied any role.

The hacking dispute has added to tensions with Washington over quarrels ranging from trade and the Chinese currency to a meeting last week between U.S. President Barack Obama and exiled Tibetan leader the Dalai Lama, who China reviles as a “separatist” for demanding self-rule for his homeland.

China’s military warned the United States on February 25 to “speak and act cautiously” to avoid reigniting tensions between the two powers, denying the People’s Liberation Army played a part in Internet hacking.

———————————————-

My Take: Well, as temperamental as China seems to be, I think we should be preparing for World War III! If anybody is going to push the button it is China. If the tables were turned, I have a feeling that the call center at Google would be overloaded with phone calls from the Chinese. Their call center software would not be able to handle the millions of calls that they would get. However, I’m sure that they’re predictive dialer would call all the people they missed back.

From everything I’ve read, it seems that China has a lot of data centers around their country, each with its own server colocation. I wouldn’t even doubt that they use an data center for some of their businesses and even government work. I would not put it past them. In fact, they probably utilize a RAID system on their computers. RAID systems achieve high capacity simply by using multiple disks.

It would be a feather in a hackers cap if they could cause China’s RAID system problems. Then they would need RAID recovery services and it would serve them right. The companies that were hacked are probably in great need of disk recovery as it is. Unfortunately, because of hackers and viruses a lot of people need data recovery services.

———————————————-

Related Resources

Intrusion Prevention Management

Intrusion prevention services can protect you from internet attack, stopping unauthorized access and preventing worms, Trojans, and viruses from taking down your network. Subscription-based ProtectPoint services deliver both the technology and the round-the-clock expertise needed to protect your network and bring you into compliance with data security policies.

Duplications

Simplify your life when it comes to CD replication and LA music CD duplication. An extreme quality service and attention to detail constantly produces successful results for you. All you need to do is tell a vendor what you want and they will deliver it to you ASAP! Whether you need a CD or DVD copy made you can find a service right for you.

Article Rating: